From: Jean Tourrilhes Date: Thu, 8 Oct 2009 17:39:49 +0000 (-0700) Subject: ovs-ofctl: Fix use-after-free error in mod-flows command. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a5d4138d6317922fd3386f096ff45f08cdc9544;p=openvswitch ovs-ofctl: Fix use-after-free error in mod-flows command. --- diff --git a/utilities/ovs-ofctl.c b/utilities/ovs-ofctl.c index 04a869a2..76114159 100644 --- a/utilities/ovs-ofctl.c +++ b/utilities/ovs-ofctl.c @@ -916,11 +916,15 @@ do_mod_flows(const struct settings *s, int argc UNUSED, char *argv[]) struct vconn *vconn; struct ofpbuf *buffer; struct ofp_flow_mod *ofm; + struct ofp_match match; - /* Parse and send. */ - ofm = make_openflow(sizeof *ofm, OFPT_FLOW_MOD, &buffer); - str_to_flow(argv[2], &ofm->match, buffer, + /* Parse and send. str_to_flow() will expand and reallocate the data in + * 'buffer', so we can't keep pointers to across the str_to_flow() call. */ + make_openflow(sizeof *ofm, OFPT_FLOW_MOD, &buffer); + str_to_flow(argv[2], &match, buffer, NULL, NULL, &priority, &idle_timeout, &hard_timeout); + ofm = buffer->data; + ofm->match = match; if (s->strict) { ofm->command = htons(OFPFC_MODIFY_STRICT); } else {